Wikipedia hit by self-propagating JavaScript worm that vandalized pages

The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis.

ClawJacked attack let malicious websites hijack OpenClaw to steal data

Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that allowed a malicious website to silently bruteforce access to a locally ...
PCMag

Wikipedia Forced to Lock Down Edits Over JavaScript That Could Delete Pages

The nonprofit that oversees Wikipedia briefly enforced a 'read-only' mode on Thursday morning as users spotted code designed to delete articles and place Russian text in the edit summary.
PCMag

Phony Claude Code Install Guides Trick Vibe Coders Into Installing Malware

Dubbed InstallFix by Push Security, the scheme inserts instructions to download malware during the Claude Code install process on cloned websites.
WinBuzzer

Chrome Gemini Flaw Let Rogue Extensions Hijack AI Panel

A high-severity Chrome vulnerability has allowed malicious extensions to exploit the Gemini panel and gain elevated access to ...